undefined | Better HN

0 pointsignoramous4y ago0 comments

In the open? I believe u:pwd is HTTP Basic Auth, which is not "in the open" when over TLS.

https://en.wikipedia.org/wiki/Basic_access_authentication#Se...

0 comments

~~It's still passing credentials for the entire account, rather than something explicity scoped to "just update these A records, and these A records only".~~

~~Also as the parent noted, Google have the last few years been very aggressive about "unsafe login" (using usr+pass outside of Google) and this might disappear.~~

Edit: Never mind, buried in the docs it appears the user:pass are scoped.

j / k navigate · click thread line to collapse

0 pointsignoramous4y ago0 comments

In the open? I believe u:pwd is HTTP Basic Auth, which is not "in the open" when over TLS.

https://en.wikipedia.org/wiki/Basic_access_authentication#Se...

0 comments

tehbeard4y ago

~~It's still passing credentials for the entire account, rather than something explicity scoped to "just update these A records, and these A records only".~~

~~Also as the parent noted, Google have the last few years been very aggressive about "unsafe login" (using usr+pass outside of Google) and this might disappear.~~

Edit: Never mind, buried in the docs it appears the user:pass are scoped.

j / k navigate · click thread line to collapse